CVE-2023-36281

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 22, 2023

Updated: Nov 29, 2023

CWE ID 94

Summary

CVE-2023-36281 is a newly identified vulnerability in langchain version 0.0.171. This issue permits a remote attacker to execute arbitrary code through a JSON file that is handled by the load_prompt function. The vulnerability is related to the handling of certain subclasses or templates within the software. This weakness could potentially be exploited to gain unauthorized access or control over affected systems. Users of langchain are encouraged to apply the latest security patches to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sbFRx-
https://www.cve.org/CVERecord?id=CVE-2023-36281
https://nvd.nist.gov/vuln/detail/CVE-2023-36281

Back to Vulnerability Database

CVE-2023-36281

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations